From: Dietmar Maurer <dietmar@proxmox.com>
Date: Fri, 30 May 2014 10:40:25 +0000 (+0200)
Subject: skip non-existent aliases inside ipset configuration
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=4803b296c5728bd70bca35bc48279225acf6e453;ds=sidebyside

skip non-existent aliases inside ipset configuration
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 8f1d6b5..8407e3c 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2270,13 +2270,17 @@ sub generic_fw_config_parser {
 	    my $nomatch = $1;
 	    my $cidr = $2;
 
-	    if($cidr !~ m/^${ip_alias_pattern}$/) {
-		$cidr =~ s|/32$||;
-		eval { pve_verify_ipv4_or_cidr($cidr); };
-		if (my $err = $@) {
-		    warn "$prefix: $cidr - $err";
-		    next;
+	    eval { 
+		if ($cidr =~ m/^${ip_alias_pattern}$/) {
+		    resolve_alias($cluster_conf, $res, $cidr); # make sure alias exists
+		} else {
+		    $cidr =~ s|/32$||;
+		    pve_verify_ipv4_or_cidr($cidr);
 		}
+	    };
+	    if (my $err = $@) {
+		warn "$prefix: $cidr - $err";
+		next;
 	    }
 
 	    my $entry = { cidr => $cidr };